MPAA: Forget National Security, This Is About Internet Security!

from the it's-the-worst-thing-of-all...oh-wait,-it's-just-a-botnet dept

Just the other day, famed troll-magnet Marcus Carab and I were discussing my fear of diving too deeply into HTML code. What am I afraid of, you ask? Well, because I'm an idiot, part of me believes that there is some kind of HTML super code out there that, if inputted into a simple blog post, would literally undo the internet. Techdirt itself would simply fade away into dissolved binary. It'd be a great disturbance, as though millions of lolcats meowed out in terror and were suddenly silenced. Exposed Sony customer information would just melt into oblivion, leaving literally trillions of angry hackers with idle hands and too much Cheetos residue on their fingers.

This, of course, is stupid. But it's this kind of uninformed fear that folks like the MPAA play upon when they insist that so-called "rogue websites" are a major threat to everyone connected to the interwebz. It's a scaled up political play, stemming from their appeals to nationalism. Take a gander at what the MPAA’s Senior Vice President and Chief Technology Policy Officer Paul Brigner wrote on their website's (snicker) blog:

"Internet users who go looking for stolen movies online may end up getting more than they bargained for – a practically 'indestructible' form of malicious software designed to give cyber criminals remote control over users’ computers."

Wow. Indestructible malware. That's pretty effing scary, right? You'd have to expect that this would be some kind of new holy terror brought down upon us by the likes of zombie bin Laden.

Well, from the Kaspersky post Brigner based his words on, not really. It's a new evolution in a traditional botnet, one which requires less centralization and an affiliate installation payment program. Hell, the writer in the post follows up with folks in the comments section with free software that can be used to detect and fight off the malware. And keep in mind, of course, that these dire warnings are coming from a company that sells antivirus to protect against these threats. But this is the launching pad for Brigner's conclusion:

"All the more reason to keep rogue sites from reaching U.S. consumers. Stealing movies isn’t worth the risk to American jobs – or the risk to Internet security."

Somehow I'm not shaking in my boots yet. Oh, and nice phraseology there. Rogue sites reaching U.S. consumers? I was unaware that these rogue sites we've been discussing the past few months were accessing users rather than the other way around. It's a symptom of the problem that Brigner doesn't realize his customers are seeking out the sites when they should be seeking out his member filmmakers.

Reader Comments

some truth

"Internet users who go looking for stolen movies online may end up getting more than they bargained for"

I'd say this part of the quote is true, except for the "stolen" part, because I am pretty sure the original movie is intact after copying. But the main point is that they'll really get more, because online movies don't have ads, don't have DRM, don't have artificial release windows, so they are definitely superior to the average retail shop dvd quality.

I think the main question is, will he be believed? Of course he will, especially by the already bribed/brainwashed politicians/lawmakers that back the entertainment industries already! These people are a really good advert for 'common sense gone right out the window'!

Re: Alt OSes

Hackers Can Turn Your Home Computer Into A Bomb

Randy Jeffries of that [/sarc on] Illustrious publication The Weekly World News [/sarc off] told of an even more threatening, malevolent, and ultra-ultra-scary scenario in 2004 when he quoted unknown computer expert Arnold Yabenson, president of the Washington-based consumer group National CyberCrime Prevention Foundation (NCPF)

"It is already possible for an assassin to send someone an email with an innocent-looking attachment connected to it. When the receiver downloads the attachment, the electrical current and molecular structure of the central processing unit is altered, causing it to blast apart like a large hand grenade."

"Internet users who go looking for stolen movies online may end up getting more than they bargained for – a practically 'indestructible' form of malicious software designed to give cyber criminals remote control over users’ computers"

Re:

please, do you think people this technologically retarded can make a novel botnet? This took someone with computer knowledge, an understanding of anti-virus programs, and an understanding of consumer habits. The MPAA obviously had nothing to do with it.

These are the people that said they were too tech clueless to adapt and too tech stupid to trust themselves to hire someone who knew what he was talking about. I mean really do you think a talented blackhat would work for these fucks? And if he did would he write them a novel and powerful virus or repackage some shit that had its 0day 10 years ago?

I think you are giving the MPAA too much credit if you think they are smart enough to know a good virus when they see one, and not giving blackhats enough credit to rip off idiots when they see one.

The problem really isn't malware...

...it's the inferior operating systems produced by the Microsoft Corporation. While all OS's have their issues to greater and lesser degrees, Windows has distinguished itself over the past few decades by not only having more issues, but far more serious issues with far more serious consequences.

So if the MPAA is truly concerned about IT security on a planetary level, it should be lobbying to have Windows banned. I've long since banned it from my operation, which is one reason why I have a far better chance of avoiding a breach than many others: I've stacked the deck in my favor.

(Now...there are some people who will tell you that Windows systems can be secured. They are lying, of course: not even Microsoft has managed that feat, and they have enormous financial and personnel resources, not to mention the source code. Fresh evidence arrives daily from their operations demonstrating active compromises, and is available to anyone of sufficient intelligence and experience who runs a network, a mail server, or a web server --- and is actually paying attention.)

Everyone else knows that there are now something above 200 million compromised Windows systems on the Internet, and more every day. This is a serious and ongoing problem, so it would be great if the MPAA would throw its weight (ponderous and clueless though it might be) behind efforts to deal with this situation.

Re: The problem really isn't malware...

I run teh Wind0wz and don't get no viruses 'cause I'm 1337.

Truth time: Malware is coming out for OSX now that morons are using it as their primary OS. No one writes malware for Linux because the main way it gets in is through retarded users, and everyone knows that there are no Linux users.

The OS is just a tool, like you. Using one that no one cares about does not make you better than other people. It just means you have a tiny penis and need to feel superior in some way.

Re: Re: The problem really isn't malware...

"The OS is just a tool, like you. Using one that no one cares about does not make you better than other people. It just means you have a tiny penis and need to feel superior in some way."

Question: In my home I have one computer running OpenSUSE, one running Vista, and one running Windows 7. In addition, I have a phone that runs Android, an iPad running iOS, and a Playstation running Sony's patented DON'TFUCKINGTOUCHANYTHINGORWE'LLKILLYOU operating system.

The tape measure is at least several feet away and I'm lazy. Exactly how long/wide/impressive is my man-sausage?

Re: Re: Re: The problem really isn't malware...

Funny thing about the PS3 and the "DON'TFUCKINGTOUCHANYTHINGORWE'LLKILLYOU" operating system. It appears to have a proximity alarm. I was working on my entertainment center and set a screwdriver next to the PS3. Suddenly the phone rang and there was a knock at my door. I grabbed the screwdriver, as my daughter was also "helping" me, and went to grab the phone, but as I walked away from the PS3 the phone just stopped, and then there was no one at the door either.......

I have a DMZ server that runs a debian minimal install (~200mB total), and two other machines that get different OSes all the time (I like to tinker, but don't really like breaking my main machines if I can help it).

Re: Re: The problem really isn't malware...

Malware has been extant for MacOS for quite some time now; and malware for Linux (and Unix) systems has been around for decades. None of this should be news to anyone who has been paying attention for the past 25 years.

However, the existence of malware alone is not adequate to evaluate the threat model. One must consider how it's delivered, what it impacts, how observable it is, what actions it takes, how it may be detected, how it may be removed and so on. It's quite easy for a cursory analysis such as yours to point out that X or Y exists; but that's of course misleading and superficial.

And incidentally, if you cannot grasp the fundamental differences in security model and security implementation between (let's say) Windows 7 and FreeBSD, then you are badly in need of remedial education.

Re: The problem really isn't malware...

Windows has the most problems because it's the most used, so creators of malware target it. Also, while Microsoft leaves plenty of holes open, the biggest gaps in security usually come from third-party software (Adobe, Java, etc.).

If everyone switched to linux tomorrow we would see a lot of new and powerful linux malwares in about 6 months. They simply target the idiots and most idiots(and most people) have windows.

Re: Re: The problem really isn't malware...

Of course this line of reasoning -- which is quite often advanced -- is contradicted by the historical record AND by the contemporary environment.

In the case of the historical record: what many mere newbies fail to grasp, because they weren't there and because they don't read, is that there was a time when Windows systems were NOT predominant on the Internet. Nor were there firewalls or IDS or IPS or vulnerability scanners or many of the other components of the contemporary security environment. Yet we did not see the kind of systemic, chronic issues we see today.

In the case of the contemporary environment, if it were true that popularity equated in even some rough fashion to target selection, then we would expect to see issues in proportion to system population. That is, if OS's A B and C constituted 70, 20 and 10 percent of the overall system population, we would expect to see the compromised system population reflect similar numbers. But we do not: anyone who is sufficiently experienced in this matter knows -- via passive OS fingerprinting and other techniques -- that Windows predominates. Research here over the past decade indicates that Windows accounts for all but a handful out of every million such observed systems -- a percentage far in excess of the actual Windows population.

Re: Re: Re: The problem really isn't malware...

I partially agree and also restate my argument. Windows is targeted because that is where the weak user is.

While Linux does not have a proportional percent of virus infections to its user base, its user base is also smarter (maybe tech savvy is a better word) than Windows users. I could code a sweet Linux virus but I doubt any Linux user is stupid enough to download a free codec pack, a dancing kitty screensaver or a Facebook template designer.

I am not trying to defend Windows and say that they make a secure OS, I am just saying that's the lake with the fish in it, so that is where people cast their line. It has more exploits because more people spend time trying to exploit it. iOS was 100% secure until the recent past. Was that because Apple made a perfect OS? No, it was because iOS is a pain to code for and it wasn't worth the time for the potential reward; the user base was small and it was primarily used by advanced users or professionals. Now we see Macs becoming more popular for the average user and we see Mac viruses in the wild.

"if OS's A B and C constituted 70, 20 and 10 percent of the overall system population, we would expect to see the compromised system population reflect similar numbers."

There is false logic in this statement. If I was making malware, why would I ever bother to make it for OS C? Why take the time to write code that targets such a small user base when I could write code for OS A and increase my potential victims by 600%? So I would never expect infections to be proportional to usage.

Re: Re: Re: Re: Re: The problem really isn't malware...

I think windows still holds the #1 spot for servers too, although I don't think it has as large of an advantage.

I would think most server attacks are active hacks, meaning someone sitting there and running scripts or commands to gain entry, as opposed to the passive attacks you see on the internet: put virus on page, wait, profit. Of course you could actively hack an end user, and I imagine there are scripts that could automatically gain root over a very poorly protected server.

As far as "where the money is," it depends on what you are after. A server can give you large amounts of user data which you could potentially use to get money out of them (or sell the large amount of data outright), but with end users you can use scams to trick them into paying you money (and then possibly continue to use the credit card info they gave you), sell time on your botnet, or use keyloggers to gain access to their accounts. I imagine both routes could be equally profitable, and would also imagine something like infecting users with a rogue anti-virus would be easier to pull off than gaining root on a server. But I really don't know where the money is because I never tried to make money by ripping people off.

Disclaimer: my tech knowledge goes little beyond consumer level. I did consumer grade repairs as my primary source of income for years and still dabble in it a little. If we talk about consumer level servers (home game servers or ftp servers) I know a bit but I know very little about commercial servers beyond what I have researched out of curiosity.

Microsoft famously recommended "nuke from orbit",

The word you mis-type as "indestructable" is qualified as "practically 'indestructible'" in single quotes. And "nuke from orbit" means wipe the drive and start over as the preferred technique for some malware.

"Rogue sites reaching U.S. consumers? I was unaware that these rogue sites we've been discussing the past few months were accessing users rather than the other way around."

Surprise for you: "teh internets" is two-way communication. And if you ever looked at the logs on your router (assuming you have one), you'd likely see numerous attempts to access your computer (mostly hoping for Windows flaws to exploit). Not just a slip when you're picking at someone else's "phraseology" as if he's stupid.

"It's a symptom of the problem that Brigner doesn't realize his customers are seeking out the sites when they should be seeking out his member filmmakers."

You point out that "pirates" don't want to pay for content. By definition they're not "his customers". You've just admitted that they're losing money to piracy.

But I'm most intrigued by "should be seeking out his member filmmakers". Do you have some interest in content companies revenues and wish them to get more? Do you mean instead of "pirating"? With some variant of Mike's "free" notions? Because until the pricing levels change, the piracy isn't likely to reduce.

Re: Microsoft famously recommended "nuke from orbit",

"The word you mis-type as "indestructable" is qualified as "practically 'indestructible'" in single quotes."

Dammit, I hate typos, so thanks for pointing it out. I'll edit that once I get in front of a non-mobile computer....

"Surprise for you: "teh internets" is two way communication. And if you ever looked at the logs on your router (asuming you have one), you'd likely see numerous attempts to access your computer (mostly hoping for Windows flaws to exploit). Not just a slip when you're picking at someone else's "phraseology" as if he's stupid."

Two things. First, it seems clear to me that the point of that statement was to make it look like "rogue sites" were seeking out users, coopting naive people into their evil, when that's clearly not the case. I'm fairly certain, but leave open the possibility that I could be wrong, that he wasn't talking about technical communication patterns while accessing the internet.

Secondly, I don't think Brigner is stupid at all. I think he's a snake.

"You point out that "pirates" don't want to pay for content. By definition they're not "his customers"."

No, you miss the point, but perhaps my own phraseology could have been better. Customers, or potential customers if you prefer, are those that want what you're selling. Downloaders, evil filthy pirates though they may be, want what you got. Brigner is focusing so hard on keeping them from going to the rogue sites that he's forgotten to offer these potential customers what they're looking for. The customer is always right, after all....

"But I'm most intrigued by "should be seeking out his member filmmakers". Do you have some interest in content companies revenues and wish them to get more?"

Well, not any studio in particular, but YES!!! I absolutely LOVE movies. In fact, I get lost in most of the music discussions 'round these here parts because I don't really listen to all that much music. But movies? You're damn right I want movie studios to do every bit as well as is required to put out the next piece of entertainment for me to enjoy. I'd just prefer they not be disingenuous while doing so....

"Do you mean instead of "pirating"? With some variant of Mike's "free" notions? Because until the pricing levels change, the piracy isn't likely to reduce."

I know everyone likes to point to Mike for this stuff, and he's certainly been a voice for these alternative business models, but they aren't his. They aren't mine. Price differences coupled with smart selling of scarce goods, cultivating good will, and putting out a great product are all that's necessary here....

First off, good luck on spreading malware with a movie. By itself, that isn't going to happen. What does happen is someone wanting to spread a bot will then require either you show up at some site for a password to open it or you have to have some special codec or player. All are methods to pass malware.

This new bot just has a few twists but nothing in it is really new. Not the communication by p2p methods, not the infection in MBR. Now MBR infections are usually tough because users don't really realize that when they format and do an install, the MBR doesn't get erased nor formatted. So after a refresh reinstall it's still there.

There are several ways to get rid of the MBR infection, provided you know what you are dealing with. About the most severe method to do it (call it a nuke cleaning) is to low-level format. Low level is a bit different than a standard format. It takes it back to factory erase, where whatever the size of the drive is, is what it is. It's unusable that way until it's been formatted, but hey, it's clean. If you're running Vista or Win7 with a DRM-protected HD then you will have to access another computer to wipe the drive or boot off of disc to wipe it.

Another way is the rescue disc. Only you have to make one before you have an infection, not afterwards. MBR worms are well known to jump from HD to burned disc.

For the average Joe that is not aware of MBR infection, the malware will seem indestructible as it will survive the standard format.

Re:

Wow - MBR infections are new? I remember them from the early 90's... Most BIOS's have a "virus guard" feature which secures the MBR against infection - just make sure it is enabled unless you need to alter the MBR!

Re: Re:

MBR infections are still common. This is the first botnet that I am aware of that uses one; it's usually rootkits these days, and still fairly common. A friend of mine that still does consumer-level tech repair says he has been seeing a lot of an MBR-infecting rootkit, which this botnet is a variant of, for the last year or so.

Hopefully MS brings back "fdisk /mbr" in windows 8, it was so easy to clear these things out back in xp and prior.

I thought the reason they were calling these "indestructible" was because most AVs don't check the MBR unless you are doing pre-boot scans, and what average user does those? I have to remember to check out that Kaspersky blog and see what they recommend; those crazy Russians know their shit, probably because in Soviet Russia, computer boots you.
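The two comments above make the same point from different angles: a standard format rewrites the partition's file system but never touches sector 0, and most AV scans skip sector 0 too, so an MBR-resident infection looks "indestructible". The added example below (not from the post, its commenters, or the Kaspersky write-up) shows the check a defender would actually run: parse the raw 512-byte MBR, hash the boot-code region, and compare it against a hash recorded from a known-clean machine. Both sample sectors are constructed, not real boot code or real malware; the baseline hash is whatever you record from your own clean system.

```python
# Added example: parse a raw 512-byte MBR and compare its boot code against a
# known-good hash. The sample sectors are constructed placeholders, not real
# boot loaders and not malware; BASELINE_SHA256 stands in for a hash you would
# record from a machine you know to be clean.
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445: boot code, the region a bootkit overwrites
PARTITION_TABLE_OFF = 446      # bytes 446..509: four 16-byte partition entries
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code and up to four
    (type, lba_start, sectors, bootable) tuples. Used only to construct samples."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for i, (ptype, lba_start, sectors, bootable) in enumerate(partitions[:4]):
        struct.pack_into(ENTRY_FMT, sector, PARTITION_TABLE_OFF + i * 16,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0",
                         lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector):
    """Split an MBR into a boot-code hash, the non-empty partition entries and the signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, sector, PARTITION_TABLE_OFF + i * 16)
        if ptype != 0:   # partition type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(sector, baseline_sha256):
    """Return a list of findings; an empty list means sector 0 matches the clean baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from known-good baseline")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition flagged bootable")
    return findings


# Constructed clean sample: placeholder boot code plus one NTFS (type 0x07) partition.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0" + b"CONSTRUCTED-CLEAN-BOOT-CODE".ljust(BOOT_CODE_LEN - 3, b"\x90")
PARTITIONS = [(0x07, 2048, 409600, True)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]   # in practice: recorded from a clean machine

# Constructed tampered sample: boot code replaced, partition table untouched. Formatting
# and reinstalling the OS on the partition leaves this sector exactly as it is.
TAMPERED_MBR = build_mbr(b"CONSTRUCTED-TAMPERED-BOOT-CODE".ljust(BOOT_CODE_LEN, b"\x90"), PARTITIONS)

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(mbr, BASELINE_SHA256) or "OK")
```

On a real system the sector to feed `check_mbr` is the first 512 bytes of the whole disk device, read from a trusted boot medium rather than from the possibly infected OS.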

ehh

""All the more reason to keep rogue sites from reaching U.S. consumers. Stealing movies isn’t worth the risk to American jobs – or the risk to Internet security."

They must be talking about Sony, as they installed rootkits into people's machines that allowed malware to be hidden from the OS

Also, think of all the lost money caused by Sony because people have to pay higher prices than they should for music/etc. It's like artificial inflation and contributes to unemployment. Or all the money sated on lawyers in our system because of these unconstitutional laws they keep lobbying for, which are also causing extra burden on our legal system, which is wasting more money and contributing to more unemployment.

Forget about malware and viruses and windows, the real problem is that they know potential customers are searching the internet for movies...and they do nothing to give them the movies. Put up a real marketplace where these people can get legitimate copies of the movies they want at a reasonable price and they can stop all of it. But maybe they're afraid that would implode the internet as well.

It is incredibly amusing to watch a bunch of 133t types snickering, not realizing that the masses are using Windows, they do download, and they do tend to agree to install those new codecs, that extra deal, and approve or agree to any number of odd requests while online.

There are viruses out there that are incredibly difficult to get rid of. The popularity of torrents and file lockers make them perfect targets for widespread distribution of viruses.

The MPAA isn't wrong on this one. They may be a little self-serving about it, but they aren't wrong.

Re:

It's not the fact that you can get viruses / malware that they are wrong about, it's that they say we should be worried about it.

Whose job is lost because a teenybopper screwed his computer looking for porn and has to reinstall? If you are talking about actual work environments that could potentially disrupt business as the MPAA claims, fake BitTorrents are not worth even bringing up.

Re: Re:

My last full office job was packed with people downloading crap all day, from screen savers to full movies. Maintaining their systems was a full-time joke, because they were forever getting screwed up by the latest download of a cute kitty that turned out to be a trojan.

You also have to remember that people use laptops for work, and often take them home and use them as personal computers at night. They download a "movie" that is a trojan at night, and that infection is brought into the work environment the next day.

Re: Re: Re:

"My last full office job was packed with people download crap all day, from screen savers to full movies. Maintaining their systems was a full time joke, because they were forever getting screwed up by the latest download of a cute kitty that turned out to be a trojan."

Sounds like your office could've benefited from a more mature workforce coupled w/a web filter set on "low"....

"You also have to remember that people use laptops for work, and often take them home and use them as personal computers at night. They download a "movie" that is a trojan at night, and that infections is brought into the work environment the next day."

And that was THAT big a problem? No proactive monitoring on mobile workstations? Thank God for situations like this; they keep us managed services folks in business....

Re: Re: Re:

If the people are idiots, I'm sure for every fake movie downloaded they have clicked on 100 fake emails. Maybe instead of removing torrents, we should remove computers. That would be more effective.

Re: Re:

The lie is that PROTECT IP will get rid of this type of malware. While people certainly do get fooled into downloading viruses while trying to get free content, PROTECT IP will only get rid of the sites that actually have the content, not the ones faking it to give out malware.

If people can't stream/download movies anymore the malware websites will just find a new cover. This legislation does nothing to prevent malware. Karl explains it wonderfully below.

Complete FUD

One of the major points in his blog is that the botnet is spread through "affiliates." Such situations are not new, but are novel for this particular type of malware.

However, Brigner then says that these "affiliates" are "rogue websites." In other words, he's strongly implying that the affiliates of botnets and other malware are also websites that are "dedicated to infringing content."

Except this is absolutely false. The "affiliates" do not, themselves, distribute any content whatsoever. Usually, they try to trick users into believing they're getting content (or legitimate software, or "antivirus programs"), but the users get the malware instead. In other words, the botnet affiliates have the same relationship to "rogue websites," as phishing emailers do to Bank of America.

As an illustration: among all the sites ICE seized for copyright infringement, not one was even accused of spreading malware. And why would they? Sites that are "dedicated to infringing content" are almost exclusively community-driven.

This is where his argument falls apart. The PROTECT-IP act considers "rogue websites" to be websites that are "dedicated to infringing content." If the act passes, not a single malware affiliate will be affected by it.

They will not be any more unlawful than they are now; law enforcement will have no more resources to fight them than they do now. In fact, law enforcement will have fewer resources, because the money that could be used to fight malware affiliates would be diverted into fighting "rogue websites" instead.

Nor will it particularly harm the botnet affiliates if every single "rogue website" shut down. By the time that happened (assuming it even could), the botnet affiliates would have long ago moved on to whatever other types of websites are popular at the moment.

If you want to know what FUD actually means, this blog post is a textbook example.

"What am I afraid of, you ask? Well, because I'm an idiot, part of me believes that there is some kind of HTML super code out there that, if inputted into a simple blog post, would literally undo the internet."